Van Pham edited this page May 18, 2023 · 2 revisions

Backing Up and Restoring the Database

While no cron job for this exists at the time of writing, it is possible to back up and restore the Postgres database in Rodan using scripts. For the following, assume the postgres container has ID 612b4ae59567.

Create a Backup

This stores a backup with the name backup_YYYY_MM_DDTHH_MM_SS.sql.gz.

docker exec -it 612b4ae59567 backup

See a list of Backups

docker exec -it 612b4ae59567 backups

Restore a Backup

For a backup with the name backup_YYYY_MM_DDTHH_MM_SS.sql.gz,

docker exec -it 612b4ae59567 restore backup_YYYY_MM_DDTHH_MM_SS.sql.gz

On staging, these backups will persist in a separate volume so they are not tied to a specific postgres container.

Renewing SSL Certificate

To renew the SSL certificate on Rodan instances, run docker ps to get the nginx container ID. Then run

docker exec -it [nginx_container_id] bash

to enter the container. Once in the container, run certbot renew to renew the certificate.

Finally, run service nginx restart within the container to apply the changes. If these steps went smoothly, the certificate should be renewed.


Todo

  • Route all error messages to Sentry.io, and automatically triage them to workers in the lab.
  • Create proper users/groups for the production container. In production (and on Linux machines) Docker needs to run as a privileged user. The container is not to be regarded as a layer of security: a root user inside the container can have root-level effects outside of the container on Linux. That is why a dummy user www-data is created in the rodan and celery containers.
    • The rodan container should be run by the django or rodan user.
    • The nginx container should be run by the nginx user.
    • The postgres container should be run by the postgres user.
  • Fix issues outlined by https://github.com/docker/docker-bench-security, and integrate them with a travis-ci check.
  • Deploy with docker swarm
  • Create celery-GPU queue for GPU intensive workloads.
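
One way to check the users/groups item above, as an added example that is not part of the Rodan project: a shell audit that compares each container's configured user with the users named in the Todo list. The compose service names nginx, postgres and celery are assumptions, as is the constructed sample input. The check reads the configured user only, so an entrypoint that drops privileges after start is not visible to it.

```shell
#!/bin/sh
# Added example (not Rodan project code): audit the user each container is
# configured to run as, against the expectations in the Todo list.
# Assumption: compose service names are rodan, nginx, postgres, celery.
#
# Live input (one "service user" pair per line):
#   docker ps -q | xargs docker inspect --format \
#     '{{index .Config.Labels "com.docker.compose.service"}} {{.Config.User}}' | audit_users

# Users the Todo list accepts per service; empty means "any non-root user".
expected_users() {
    case "$1" in
        rodan)    echo "django rodan" ;;
        nginx)    echo "nginx" ;;
        postgres) echo "postgres" ;;
        *)        echo "" ;;
    esac
}

# Reads "service user" lines on stdin, prints OK/FAIL per line,
# and returns 1 if any container fails.
audit_users() {
    rc=0
    while read -r svc user; do
        [ -n "$svc" ] || continue
        user=${user%%:*}                              # drop a ":group" suffix
        case "$user" in ""|0|root) user=root ;; esac  # no configured user means root
        want=$(expected_users "$svc")
        verdict=FAIL
        if [ "$user" != root ]; then
            if [ -z "$want" ]; then verdict=OK; fi
            for w in $want; do
                if [ "$w" = "$user" ]; then verdict=OK; fi
            done
        fi
        echo "$verdict $svc user=$user${want:+ expected=$want}"
        [ "$verdict" = OK ] || rc=1
    done
    return $rc
}

# Constructed sample input; "extra" is a made-up service.
sample_inspect_output() {
    printf '%s\n' 'nginx nginx' 'postgres ' 'rodan www-data' \
                  'celery www-data' 'extra 0:0'
}

sample_inspect_output | audit_users || true
```

The non-zero return status lets the same function gate a CI job once the live docker inspect pipeline from the header comment replaces the sample input.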

Permissions

  • If you need root privileges inside of the Docker container, you can specify a user with the -u flag when entering the container with exec or run.
    • docker compose -f docker-compose.yml exec -u root rodan bash